Update .gitignore, README, and Traefik configuration; add new services and environment variables

2025-12-06 00:00:13 -08:00 · 2025-11-10 19:24:57 -05:00
parent b3ee10a119
commit f9073a07a5
10 changed files with 205 additions and 10 deletions
--- a/pangolin/config/config.yml
+++ b/pangolin/config/config.yml
@@ -0,0 +1,76 @@
+app:
+  dashboard_url: https://pangolin.acedanger.com
+  log_level: info
+  save_logs: false
+domains:
+  domain1:
+    base_domain: acedanger.com
+    cert_resolver: letsencrypt
+  domain2:
+    base_domain: peterwood.rocks
+    cert_resolver: letsencrypt
+  domain3:
+    base_domain: peterwood.dad
+    cert_resolver: letsencrypt
+  domain4:
+    base_domain: ptrwd.com
+    cert_resolver: letsencrypt
+  domain5:
+    base_domain: margotwood.xyz
+    cert_resolver: letsencrypt
+server:
+  external_port: 3000
+  internal_port: 3001
+  next_port: 3002
+  internal_hostname: pangolin
+  session_cookie_name: p_session_token
+  resource_access_token_param: p_token
+  resource_access_token_headers:
+    id: P-Access-Token-Id
+    token: P-Access-Token
+  resource_session_request_param: p_session_request
+  secret: EkiOH3KRHNzde3euT1yTaYIKXchPmHqz
+  cors:
+    origins:
+      - https://pangolin.acedanger.com
+    methods:
+      - GET
+      - POST
+      - PUT
+      - DELETE
+      - PATCH
+    headers:
+      - X-CSRF-Token
+      - Content-Type
+    credentials: false
+traefik:
+  cert_resolver: letsencrypt
+  http_entrypoint: web
+  https_entrypoint: websecure
+gerbil:
+  start_port: 51820
+  base_endpoint: pangolin.acedanger.com
+  use_subdomain: false
+  block_size: 24
+  site_block_size: 30
+  subnet_group: 100.89.137.0/20
+rate_limits:
+  global:
+    window_minutes: 1
+    max_requests: 500
+email:
+  smtp_host: smtp.fastmail.com
+  smtp_port: 465
+  smtp_user: peter@peterwood.dev
+  smtp_pass: 7v5x943m4g58384q
+  no_reply: no-reply@peterwood.dev
+users:
+  server_admin:
+    email: peter@peterwood.dev
+    password: 23!hA1F^RCjT28
+flags:
+  require_email_verification: true
+  disable_signup_without_invite: true
+  disable_user_create_org: false
+  allow_raw_resources: true
+  allow_base_domain_resources: true
--- a/pangolin/config/traefik-dashboard/geoip/COPYRIGHT.txt
+++ b/pangolin/config/traefik-dashboard/geoip/COPYRIGHT.txt
@@ -0,0 +1 @@
+Database and Contents Copyright (c) 2025 MaxMind, Inc.
--- a/pangolin/config/traefik-dashboard/geoip/LICENSE.txt
+++ b/pangolin/config/traefik-dashboard/geoip/LICENSE.txt
@@ -0,0 +1,3 @@
+Use of this MaxMind product is governed by MaxMind's GeoLite2 End User License Agreement, which can be viewed at https://www.maxmind.com/en/geolite2/eula.
+
+This database incorporates GeoNames [https://www.geonames.org] geographical data, which is made available under the Creative Commons Attribution 4.0 License. To view a copy of this license, visit https://creativecommons.org/licenses/by/4.0/.
--- a/pangolin/config/traefik-dashboard/geoip/README.txt
+++ b/pangolin/config/traefik-dashboard/geoip/README.txt
@@ -0,0 +1 @@
+Latitude and longitude are not precise and should not be used to identify a particular street address or household.
--- a/pangolin/config/traefik/dynamic_config.yml
+++ b/pangolin/config/traefik/dynamic_config.yml
@@ -41,13 +41,44 @@ http:
      tls:
        certResolver: letsencrypt

+    # Traefik Log Dashboard router
+    traefik-dashboard-redirect:
+      rule: "Host(`traefik-logs.acedanger.com`)"
+      service: traefik-dashboard-service
+      entryPoints:
+        - web
+      middlewares:
+        - redirect-to-https
+
+    traefik-dashboard-router:
+      rule: "Host(`traefik-logs.acedanger.com`)"
+      service: traefik-dashboard-service
+      entryPoints:
+        - websecure
+      tls:
+        certResolver: letsencrypt
+
  services:
    next-service:
      loadBalancer:
        servers:
-          - url: "http://pangolin:3002"  # Next.js server
+          - url: "http://pangolin:3002" # Next.js server

    api-service:
      loadBalancer:
        servers:
-          - url: "http://pangolin:3000"  # API/WebSocket server
+          - url: "http://pangolin:3000" # API/WebSocket server
+
+    traefik-dashboard-service:
+      loadBalancer:
+        servers:
+          - url: "http://traefik-dashboard:3000"
+
+tcp:
+  serversTransports:
+    pp-transport-v1:
+      proxyProtocol:
+        version: 1
+    pp-transport-v2:
+      proxyProtocol:
+        version: 2
--- a/pangolin/config/traefik/traefik_config.yml
+++ b/pangolin/config/traefik/traefik_config.yml
@@ -19,6 +19,20 @@ log:
  level: "INFO"
  format: "common"

+accessLog:
+  filePath: "/var/log/traefik/access.log"
+  format: "json"
+  bufferingSize: 100
+  fields:
+    defaultMode: "keep"
+    names:
+      ClientUsername: "drop"
+    headers:
+      defaultMode: "keep"
+      names:
+        Authorization: "drop"
+        Cookie: "drop"
+
 certificatesResolvers:
  letsencrypt:
    acme:
--- a/pangolin/docker-compose.yml
+++ b/pangolin/docker-compose.yml
@@ -1,7 +1,7 @@
 name: pangolin
 services:
  pangolin:
-    image: fosrl/pangolin:1.10.3
+    image: fosrl/pangolin:1.12.1
    container_name: pangolin
    restart: unless-stopped
    labels:
@@ -18,7 +18,7 @@ services:
      timeout: 10s
      retries: 15
  gerbil:
-    image: fosrl/gerbil:1.2.1
+    image: fosrl/gerbil:latest
    container_name: gerbil
    restart: unless-stopped
    labels:
@@ -59,6 +59,53 @@ services:
      - ./config/traefik:/etc/traefik:ro # Volume to store the Traefik configuration
      - ./config/letsencrypt:/letsencrypt # Volume to store the Let's Encrypt certificates
      - ./config/traefik/logs:/var/log/traefik # Volume to store Traefik logs
+  traefik-agent:
+    image: hhftechnology/traefik-log-dashboard-agent:dev-dashboard
+    container_name: traefik-log-dashboard-agent
+    restart: unless-stopped
+    labels:
+      - diun.enable=true
+    ports:
+      - "5000:5000"
+    volumes:
+      - ./config/traefik/logs:/logs:ro
+      - ./config/traefik-dashboard/geoip:/geoip:ro
+      - ./config/traefik-dashboard/positions:/data
+    environment:
+      - TRAEFIK_LOG_DASHBOARD_ACCESS_PATH=/logs/access.log
+      - TRAEFIK_LOG_DASHBOARD_ERROR_PATH=/logs/access.log
+      - TRAEFIK_LOG_DASHBOARD_AUTH_TOKEN=${TRAEFIK_DASHBOARD_AUTH_TOKEN}
+      - TRAEFIK_LOG_DASHBOARD_SYSTEM_MONITORING=true
+      - TRAEFIK_LOG_DASHBOARD_GEOIP_ENABLED=true
+      - TRAEFIK_LOG_DASHBOARD_GEOIP_CITY_DB=/geoip/GeoLite2-City.mmdb
+      - TRAEFIK_LOG_DASHBOARD_GEOIP_COUNTRY_DB=/geoip/GeoLite2-Country.mmdb
+      - TRAEFIK_LOG_DASHBOARD_LOG_FORMAT=json
+      - PORT=5000
+    healthcheck:
+      test: [ "CMD", "wget", "--no-verbose", "--tries=1", "--spider", "http://localhost:5000/api/logs/status" ]
+      interval: 30s
+      timeout: 10s
+      retries: 3
+      start_period: 10s
+  traefik-dashboard:
+    image: hhftechnology/traefik-log-dashboard:dev-dashboard
+    container_name: traefik-log-dashboard
+    restart: unless-stopped
+    labels:
+      - diun.enable=true
+    ports:
+      - "3005:3000"
+    volumes:
+      - ./config/traefik-dashboard/dashboard:/app/data
+    environment:
+      - AGENT_API_URL=http://traefik-agent:5000
+      - AGENT_API_TOKEN=${TRAEFIK_DASHBOARD_AUTH_TOKEN}
+      - AGENT_NAME=Pangolin Traefik Agent
+      - NODE_ENV=production
+      - PORT=3000
+    depends_on:
+      traefik-agent:
+        condition: service_healthy
 networks:
  default:
    driver: bridge
				`@@ -0,0 +1 @@`
				`Database and Contents Copyright (c) 2025 MaxMind, Inc.`
				`@@ -0,0 +1 @@`
				`Latitude and longitude are not precise and should not be used to identify a particular street address or household.`